class LoginController < ApplicationController

layout 'model'

  def index
  end

  def private
    if !session[:user_id]   
      redirect_to :action=> 'index'  
    end 
  end
  
  def authenticate   
    #User.new(params[:userform]) will create a new object of User, retrieve values from the form and store it variable @user.   
    @user = User.new(params[:userform])
    #userole = session[:role]
                 
    
    #find records with username,password   
    valid_user = User.find(:first,:conditions => ["user_name = ? and password = ?",@user.user_name, @user.password])   
    #if statement checks whether valid_user exists or not   
    
        
    #if valid_user && valid_user.role == 0
      if valid_user
      #creates a session with username  
      session[:user_id]=valid_user.user_name
      session[:role]=valid_user.role
      #redirects the user to our private page.   
      redirect_to :action => 'index', :controller => 'events' 
      
    #elsif valid_user && valid_user.role == 1
      #flash[:notice] = "Sorry you do not have enough access rights for this page"  
      #redirect_to :action=> 'index'  
    else  
      flash[:notice] = "Invalid User/Password"  
      redirect_to :action=> 'index'  
    end  
  end 

  def logout   
     if session[:user_id]   
      reset_session   
      redirect_to :action=> 'index'  
    end  
  end 
  
  
  
end
